Internet shopping has made its breakthrough in recent years. In order to shop online, one must have access to a computer as well as a credit card or a debit card. In the case of physical goods, the delivery of the purchased product must be arranged in a convenient way and it should be available directly from the online shop.
Due to the delivery of personal financial transaction data over the Internet, security plays the most important role in online shopping. Multiple security-related arrangements have been implemented in order to raise the security level. Some of the prior art security-related arrangements originate from the security systems of the financial institution that, e.g., grants a credit card to the user. A typical example of such a security-related issue is that each credit card comprises a specific credit card number and, in addition thereto, a so-called CVC (Card Verification Code) number for further controlling the card. It will be appreciated that several alternative security methods relating to payment have been introduced due to the fact that there are multiple other payment methods available besides the credit card.
Furthermore, the telecommunication connections are typically secured by some encryption method(s). TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are widely used methods, which are cryptographic protocols providing communication security over the Internet.
It is clear that security shall be arranged between all operators involved in the shopping transaction, i.e. between the user and the web shop as well as the financial institution if needed for the transaction.
A typical procedure in online shopping is that a user first enters a web shop over the Internet and finds a product he/she wants to purchase. The user places an order, normally through a secured channel, e.g. the connection is secured with SSL. The order is registered in the web shop entity and, after the necessary information relating e.g. to the delivery and to the delivery address has been input, the payment procedure is started. The payment procedure can be arranged e.g. in such a manner that the request for the payment information is arranged inside the web shop. In practice, this means that the system requests a desired payment method as well as any other information necessary to accomplish the payment for the product in a manner that is secure for the users, i.e. customers, but also for the web shop itself. A secure payment method for the web shop means that the web shop is able to receive confirmation that the customer pays for the purchase. The confirmation may be derived from the information received from the customer or, alternatively, some other entity, such as a financial institution, can confirm it. If the web shop system is configured in such a manner that the financial institution shall confirm the payment of the purchase, the information received from the customer is delivered to the financial institution for further checking. If the information matches the already existing information in the possession of the financial institution, the payment can be confirmed to the web shop. After this confirmation, the purchase order can be confirmed by the web shop. In response to the confirmation of the purchase order, the web shop can start the delivery of the product, e.g. by enabling the download of digital data from the server or, in the case of a physical product, by preparing and arranging the shipment.
To improve the security further, methods utilizing a mobile terminal and a mobile communication network have been developed. For example, the whole payment procedure is arranged through a mobile terminal and a mobile communication network so that the user, i.e. the customer, receives a confirmation code from the web shop and, to confirm the purchase, he/she needs to deliver the code with an SMS (short message) back to the web shop entity. In some embodiments the payment of the purchased product is arranged to be included in the telephone bill.
The prior art solutions for online payment have several drawbacks. Typically, improving security directly increases the complexity of the whole system. This may be challenging especially to smaller players due to the fact that such parties have limited resources to develop and amend their systems. Especially bearing in mind that launching a web shop is typically quite easy and possible even with small resources, there is a need for technical solutions that can be implemented even by the smaller parties.
Normally, the financial institutions set the framework for security issues in any payment method. This is due to the fact that the financial institutions normally “own” the user, i.e. the web shop customer, by means of the offered payment method, such as a credit card. The financial institutions have developed their systems primarily to serve traditional shopping methods and merely extended the systems to serve online shopping as well. As a consequence, their systems are very heavy and thus difficult to change if needed.
One drawback with respect to credit card based payment systems is that the payment transactions are based on the credit card number and the CVC (Card Verification Code). Both can be found on the credit card. Thus, if the credit card ends up in the wrong hands, it is possible to use the credit card illegally. Another drawback is security breaches in web shops, hacking, phishing and similar risks, which expose sensitive customer data to unauthorized use.
Another aspect is that any payment method developed for online shopping shall be easy to use from the perspective of the end user, i.e. the web shop customer. The method shall be a simple one and especially such that the user feels safe during web shopping. Advantageously, one payment method is applicable in multiple instances so that the user becomes familiar with the system. This increases trust in web shopping and, as a consequence, web shopping gains popularity.